Dailydave mailing list archives

Playing Ball


From: dave <dave () immunityinc com>
Date: Thu, 10 Sep 2009 13:56:11 -0400

CANVAS release announcement: http://www.immunityinc.com/news-latest.shtml

You can't have a penetration testing toolkit without a Windows rootkit.
To that end, this month Immunity released HCN, the next generation of
CANVAS Windows Kernel rootkits.

People always underestimate how hard it is to write a rootkit. On one
hand, it's like engineering. Specialized engineering, but engineering
nonetheless. You aren't hunting down tiny gold nuggets the way you are
with vulnerability finding and exploit development.

But the testing is nightmarish. Writing a rootkit is like being able to
stick a knife in someone, but in a way they can still play basketball
afterwards. That's an expensive thing to do, and it's not something you
do and then ever really call done.

But the HCN Rootkit works across any Windows you care about, minus
64-bit for now. It can be set to call back to CANVAS, or simply used to
hide another trojan of some kind.

And in conclusion, commercially supported Windows rootkits are awesome.

-dave
